Governance of an Insider Threat Program
A mature governance structure is essential to effectively develop, deploy, and manage an insider threat program. The CERT Insider Threat Center recommends that the organization implement a governance structure that enables the insider threat program to
- Maintain an updated knowledge base related to insider threats, including staying current with the latest research and capturing lessons learned.
- Provide support to the insider threat program stakeholders to ensure the groups are meeting their objectives, providing the appropriate inputs to the insider threat program manager, and appropriately communicating results and decisions to other insider threat program stakeholders.
- Monitor governance practices to ensure that governing bodies are meeting insider threat program needs, to make recommendations for improvement, and to refine the measures as needed.
- Capture and communicate insider threat program success stories to internal and external stakeholders to increase program support.
- Execute a comprehensive program-risk-management approach and required procedures for insider threat program stakeholders.
- Perform processes including budgetary review, the development of future technical requirements, continuous operation procedures, and risk management.
- When applicable, facilitate both formal and informal Continuous Diagnostic Monitoring (CDM) governance training for the CDM program staff, departments and/or agencies (D/As), partners, and stakeholders.
- Maintain and execute the program schedule for updating charter guidance, procedures, and policies based on ongoing lessons learned (both internally and externally), best practices, and stakeholder input.
– Common Sense Guide to Mitigating Insider Threats, Fifth Edition, The CERT Insider Threat Center, Software Engineering Institute at Carnegie Mellon University (http://www.sei.cmu.edu), December 2016
TECHNICAL NOTE: CMU/SEI-2015-TR-010